“Killer text bomb” crashed iPhones, iPads, Macs, and Apple Watches

February 19, 2018

3 Min Read

Apple has confirmed that it is working on a bug fix that will stop apps like Messages from crashing when they attempt to display a Unicode symbol representing a letter from the south Indian language of Telugu.

The Unicode-based bug has been exploited by juvenile pranksters, who posted app-crashing messages on Twitter, WhatsApp, Instagram, and Facebook, or even changed their screenname to one which contained the symbol.

The symbol, which I won’t repeat here for fear of crashing readers’ apps (trust me.. while writing this article I managed to bork my browser once at twice), can cause iPhones, iPads, Apple Watches and even Apple TV devices to endlessly reboot themselves if received in a notification. If you’re curious there’s a good write-up about it on Mozilla engineer Manish Goregaokar’s blog.

One security researcher demonstrated that it was possible to make macOS network applications crash by creating a Wi-Fi hotspot which included the offending symbol.

And just last month, a malicious link known as the “ChaiOS bug” was found to be capable of crashing devices running iOS and macOS.

Apple rolled out patches for these past vulnerabilities, and it has been confirmed that this latest text bomb has already been fixed in the current beta versions of iOS, macOS, watchOS, and tvOS. So, if you are unable to delete the offending messages, you have a choice – either wait for the next update to iOS or borrow your friend’s Android smartphone.

About the author

Graham CLULEY

Graham Cluley is an award-winning security blogger, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by companies such as Sophos, McAfee and Dr Solomon's. He has given talks about computer security for some of the world's largest companies, worked with law enforcement agencies on investigations into hacking groups, and regularly appears on TV and radio explaining computer security threats.

Graham Cluley was inducted into the InfoSecurity Europe Hall of Fame in 2011, and was given an honorary mention in the "10 Greatest Britons in IT History" for his contribution as a leading authority in internet security.